aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-11 21:52:03 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-11 21:52:03 -0400
commit79360ddd73dfe9a26f49ef4e27b8c26612929b0e (patch)
treea8b0d226e0d83ea4e3a8c27b091a7121dbb9638b
parent8213a2f3eeafdecf06dd718cb4130372263f6067 (diff)
parent98f6ef64b15a48f15062aff5d143b5d9a6ae7711 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull pile 2 of vfs updates from Al Viro: "Stuff in this one - assorted fixes, lglock tidy-up, death to lock_super(). There'll be a VFS pile tomorrow (with patches from Jeff Layton, sanitizing getname() and related parts of audit and preparing for ESTALE fixes), but I'd rather push the stuff in this one ASAP - some of the bugs closed here are quite unpleasant." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: vfs: bogus warnings in fs/namei.c consitify do_mount() arguments lglock: add DEFINE_STATIC_LGLOCK() lglock: make the per_cpu locks static lglock: remove unused DEFINE_LGLOCK_LOCKDEP() MAX_LFS_FILESIZE definition for 64bit needs LL... tmpfs,ceph,gfs2,isofs,reiserfs,xfs: fix fh_len checking vfs: drop lock/unlock super ufs: drop lock/unlock super sysv: drop lock/unlock super hpfs: drop lock/unlock super fat: drop lock/unlock super ext3: drop lock/unlock super exofs: drop lock/unlock super dup3: Return an error when oldfd == newfd. fs: handle failed audit_log_start properly fs: prevent use after free in auditing when symlink following was denied
Diffstat
-rw-r--r--fs/ceph/export.c18
-rw-r--r--fs/exofs/super.c4
-rw-r--r--fs/ext3/super.c6
-rw-r--r--fs/fat/dir.c4
-rw-r--r--fs/fat/fat.h5
-rw-r--r--fs/fat/inode.c5
-rw-r--r--fs/fat/namei_msdos.c26
-rw-r--r--fs/fat/namei_vfat.c30
-rw-r--r--fs/file.c3
-rw-r--r--fs/file_table.c2
-rw-r--r--fs/gfs2/export.c4
-rw-r--r--fs/hpfs/super.c3
-rw-r--r--fs/isofs/export.c2
-rw-r--r--fs/namei.c3
-rw-r--r--fs/namespace.c12
-rw-r--r--fs/reiserfs/inode.c6
-rw-r--r--fs/super.c23
-rw-r--r--fs/sysv/balloc.c18
-rw-r--r--fs/sysv/ialloc.c14
-rw-r--r--fs/sysv/inode.c4
-rw-r--r--fs/sysv/super.c1
-rw-r--r--fs/sysv/sysv.h1
-rw-r--r--fs/ufs/balloc.c30
-rw-r--r--fs/ufs/ialloc.c16
-rw-r--r--fs/ufs/super.c21
-rw-r--r--fs/ufs/ufs.h1
-rw-r--r--fs/xfs/xfs_export.c3
-rw-r--r--include/linux/fs.h5
-rw-r--r--include/linux/lglock.h19
-rw-r--r--include/linux/security.h12
-rw-r--r--kernel/audit.c2
-rw-r--r--mm/shmem.c6
-rw-r--r--security/capability.c4
-rw-r--r--security/security.c4
-rw-r--r--security/selinux/hooks.c4
-rw-r--r--security/smack/smack_lsm.c4
-rw-r--r--security/tomoyo/common.h2
-rw-r--r--security/tomoyo/mount.c5
-rw-r--r--security/tomoyo/tomoyo.c4
39 files changed, 166 insertions, 170 deletions
diff --git a/fs/ceph/export.c b/fs/ceph/export.c
index 8e1b60e557b6..02ce90972d81 100644
--- a/fs/ceph/export.c
+++ b/fs/ceph/export.c
@@ -99,7 +99,7 @@ static int ceph_encode_fh(struct inode *inode, u32 *rawfh, int *max_len,
99 * FIXME: we should try harder by querying the mds for the ino. 99 * FIXME: we should try harder by querying the mds for the ino.
100 */ 100 */
101static struct dentry *__fh_to_dentry(struct super_block *sb, 101static struct dentry *__fh_to_dentry(struct super_block *sb,
102 struct ceph_nfs_fh *fh) 102 struct ceph_nfs_fh *fh, int fh_len)
103{ 103{
104 struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc; 104 struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
105 struct inode *inode; 105 struct inode *inode;
@@ -107,6 +107,9 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
107 struct ceph_vino vino; 107 struct ceph_vino vino;
108 int err; 108 int err;
109 109
110 if (fh_len < sizeof(*fh) / 4)
111 return ERR_PTR(-ESTALE);
112
110 dout("__fh_to_dentry %llx\n", fh->ino); 113 dout("__fh_to_dentry %llx\n", fh->ino);
111 vino.ino = fh->ino; 114 vino.ino = fh->ino;
112 vino.snap = CEPH_NOSNAP; 115 vino.snap = CEPH_NOSNAP;
@@ -150,7 +153,7 @@ static struct dentry *__fh_to_dentry(struct super_block *sb,
150 * convert connectable fh to dentry 153 * convert connectable fh to dentry
151 */ 154 */
152static struct dentry *__cfh_to_dentry(struct super_block *sb, 155static struct dentry *__cfh_to_dentry(struct super_block *sb,
153 struct ceph_nfs_confh *cfh) 156 struct ceph_nfs_confh *cfh, int fh_len)
154{ 157{
155 struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc; 158 struct ceph_mds_client *mdsc = ceph_sb_to_client(sb)->mdsc;
156 struct inode *inode; 159 struct inode *inode;
@@ -158,6 +161,9 @@ static struct dentry *__cfh_to_dentry(struct super_block *sb,
158 struct ceph_vino vino; 161 struct ceph_vino vino;
159 int err; 162 int err;
160 163
164 if (fh_len < sizeof(*cfh) / 4)
165 return ERR_PTR(-ESTALE);
166
161 dout("__cfh_to_dentry %llx (%llx/%x)\n", 167 dout("__cfh_to_dentry %llx (%llx/%x)\n",
162 cfh->ino, cfh->parent_ino, cfh->parent_name_hash); 168 cfh->ino, cfh->parent_ino, cfh->parent_name_hash);
163 169
@@ -207,9 +213,11 @@ static struct dentry *ceph_fh_to_dentry(struct super_block *sb, struct fid *fid,
207 int fh_len, int fh_type) 213 int fh_len, int fh_type)
208{ 214{
209 if (fh_type == 1) 215 if (fh_type == 1)
210 return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw); 216 return __fh_to_dentry(sb, (struct ceph_nfs_fh *)fid->raw,
217 fh_len);
211 else 218 else
212 return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw); 219 return __cfh_to_dentry(sb, (struct ceph_nfs_confh *)fid->raw,
220 fh_len);
213} 221}
214 222
215/* 223/*
@@ -230,6 +238,8 @@ static struct dentry *ceph_fh_to_parent(struct super_block *sb,
230 238
231 if (fh_type == 1) 239 if (fh_type == 1)
232 return ERR_PTR(-ESTALE); 240 return ERR_PTR(-ESTALE);
241 if (fh_len < sizeof(*cfh) / 4)
242 return ERR_PTR(-ESTALE);
233 243
234 pr_debug("fh_to_parent %llx/%d\n", cfh->parent_ino, 244 pr_debug("fh_to_parent %llx/%d\n", cfh->parent_ino,
235 cfh->parent_name_hash); 245 cfh->parent_name_hash);
diff --git a/fs/exofs/super.c b/fs/exofs/super.c
index 59e3bbfac0b1..5e59280d42d7 100644
--- a/fs/exofs/super.c
+++ b/fs/exofs/super.c
@@ -389,8 +389,6 @@ static int exofs_sync_fs(struct super_block *sb, int wait)
389 if (unlikely(ret)) 389 if (unlikely(ret))
390 goto out; 390 goto out;
391 391
392 lock_super(sb);
393
394 ios->length = offsetof(struct exofs_fscb, s_dev_table_oid); 392 ios->length = offsetof(struct exofs_fscb, s_dev_table_oid);
395 memset(fscb, 0, ios->length); 393 memset(fscb, 0, ios->length);
396 fscb->s_nextid = cpu_to_le64(sbi->s_nextid); 394 fscb->s_nextid = cpu_to_le64(sbi->s_nextid);
@@ -406,8 +404,6 @@ static int exofs_sync_fs(struct super_block *sb, int wait)
406 if (unlikely(ret)) 404 if (unlikely(ret))
407 EXOFS_ERR("%s: ore_write failed.\n", __func__); 405 EXOFS_ERR("%s: ore_write failed.\n", __func__);
408 406
409
410 unlock_super(sb);
411out: 407out:
412 EXOFS_DBGMSG("s_nextid=0x%llx ret=%d\n", _LLU(sbi->s_nextid), ret); 408 EXOFS_DBGMSG("s_nextid=0x%llx ret=%d\n", _LLU(sbi->s_nextid), ret);
413 ore_put_io_state(ios); 409 ore_put_io_state(ios);
diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index 17ae5c83d234..29e79713c7eb 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -2578,11 +2578,9 @@ out:
2578static int ext3_unfreeze(struct super_block *sb) 2578static int ext3_unfreeze(struct super_block *sb)
2579{ 2579{
2580 if (!(sb->s_flags & MS_RDONLY)) { 2580 if (!(sb->s_flags & MS_RDONLY)) {
2581 lock_super(sb);
2582 /* Reser the needs_recovery flag before the fs is unlocked. */ 2581 /* Reser the needs_recovery flag before the fs is unlocked. */
2583 EXT3_SET_INCOMPAT_FEATURE(sb, EXT3_FEATURE_INCOMPAT_RECOVER); 2582 EXT3_SET_INCOMPAT_FEATURE(sb, EXT3_FEATURE_INCOMPAT_RECOVER);
2584 ext3_commit_super(sb, EXT3_SB(sb)->s_es, 1); 2583 ext3_commit_super(sb, EXT3_SB(sb)->s_es, 1);
2585 unlock_super(sb);
2586 journal_unlock_updates(EXT3_SB(sb)->s_journal); 2584 journal_unlock_updates(EXT3_SB(sb)->s_journal);
2587 } 2585 }
2588 return 0; 2586 return 0;
@@ -2602,7 +2600,6 @@ static int ext3_remount (struct super_block * sb, int * flags, char * data)
2602#endif 2600#endif
2603 2601
2604 /* Store the original options */ 2602 /* Store the original options */
2605 lock_super(sb);
2606 old_sb_flags = sb->s_flags; 2603 old_sb_flags = sb->s_flags;
2607 old_opts.s_mount_opt = sbi->s_mount_opt; 2604 old_opts.s_mount_opt = sbi->s_mount_opt;
2608 old_opts.s_resuid = sbi->s_resuid; 2605 old_opts.s_resuid = sbi->s_resuid;
@@ -2708,8 +2705,6 @@ static int ext3_remount (struct super_block * sb, int * flags, char * data)
2708 old_opts.s_qf_names[i] != sbi->s_qf_names[i]) 2705 old_opts.s_qf_names[i] != sbi->s_qf_names[i])
2709 kfree(old_opts.s_qf_names[i]); 2706 kfree(old_opts.s_qf_names[i]);
2710#endif 2707#endif
2711 unlock_super(sb);
2712
2713 if (enable_quota) 2708 if (enable_quota)
2714 dquot_resume(sb, -1); 2709 dquot_resume(sb, -1);
2715 return 0; 2710 return 0;
@@ -2728,7 +2723,6 @@ restore_opts:
2728 sbi->s_qf_names[i] = old_opts.s_qf_names[i]; 2723 sbi->s_qf_names[i] = old_opts.s_qf_names[i];
2729 } 2724 }
2730#endif 2725#endif
2731 unlock_super(sb);
2732 return err; 2726 return err;
2733} 2727}
2734 2728
diff --git a/fs/fat/dir.c b/fs/fat/dir.c
index bca6d0a1255e..2a182342442e 100644
--- a/fs/fat/dir.c
+++ b/fs/fat/dir.c
@@ -571,7 +571,7 @@ static int __fat_readdir(struct inode *inode, struct file *filp, void *dirent,
571 int short_len = 0, fill_len = 0; 571 int short_len = 0, fill_len = 0;
572 int ret = 0; 572 int ret = 0;
573 573
574 lock_super(sb); 574 mutex_lock(&sbi->s_lock);
575 575
576 cpos = filp->f_pos; 576 cpos = filp->f_pos;
577 /* Fake . and .. for the root directory. */ 577 /* Fake . and .. for the root directory. */
@@ -693,7 +693,7 @@ fill_failed:
693 if (unicode) 693 if (unicode)
694 __putname(unicode); 694 __putname(unicode);
695out: 695out:
696 unlock_super(sb); 696 mutex_unlock(&sbi->s_lock);
697 return ret; 697 return ret;
698} 698}
699 699
diff --git a/fs/fat/fat.h b/fs/fat/fat.h
index ca7e8f8bad7c..623f36f0423b 100644
--- a/fs/fat/fat.h
+++ b/fs/fat/fat.h
@@ -71,8 +71,9 @@ struct msdos_sb_info {
71 unsigned long root_cluster; /* first cluster of the root directory */ 71 unsigned long root_cluster; /* first cluster of the root directory */
72 unsigned long fsinfo_sector; /* sector number of FAT32 fsinfo */ 72 unsigned long fsinfo_sector; /* sector number of FAT32 fsinfo */
73 struct mutex fat_lock; 73 struct mutex fat_lock;
74 unsigned int prev_free; /* previously allocated cluster number */ 74 struct mutex s_lock;
75 unsigned int free_clusters; /* -1 if undefined */ 75 unsigned int prev_free; /* previously allocated cluster number */
76 unsigned int free_clusters; /* -1 if undefined */
76 unsigned int free_clus_valid; /* is free_clusters valid? */ 77 unsigned int free_clus_valid; /* is free_clusters valid? */
77 struct fat_mount_options options; 78 struct fat_mount_options options;
78 struct nls_table *nls_disk; /* Codepage used on disk */ 79 struct nls_table *nls_disk; /* Codepage used on disk */
diff --git a/fs/fat/inode.c b/fs/fat/inode.c
index 76f60c642c06..5bafaad00530 100644
--- a/fs/fat/inode.c
+++ b/fs/fat/inode.c
@@ -673,9 +673,9 @@ static int fat_write_inode(struct inode *inode, struct writeback_control *wbc)
673 if (inode->i_ino == MSDOS_FSINFO_INO) { 673 if (inode->i_ino == MSDOS_FSINFO_INO) {
674 struct super_block *sb = inode->i_sb; 674 struct super_block *sb = inode->i_sb;
675 675
676 lock_super(sb); 676 mutex_lock(&MSDOS_SB(sb)->s_lock);
677 err = fat_clusters_flush(sb); 677 err = fat_clusters_flush(sb);
678 unlock_super(sb); 678 mutex_unlock(&MSDOS_SB(sb)->s_lock);
679 } else 679 } else
680 err = __fat_write_inode(inode, wbc->sync_mode == WB_SYNC_ALL); 680 err = __fat_write_inode(inode, wbc->sync_mode == WB_SYNC_ALL);
681 681
@@ -1268,6 +1268,7 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat,
1268 b = (struct fat_boot_sector *) bh->b_data; 1268 b = (struct fat_boot_sector *) bh->b_data;
1269 } 1269 }
1270 1270
1271 mutex_init(&sbi->s_lock);
1271 sbi->cluster_size = sb->s_blocksize * sbi->sec_per_clus; 1272 sbi->cluster_size = sb->s_blocksize * sbi->sec_per_clus;
1272 sbi->cluster_bits = ffs(sbi->cluster_size) - 1; 1273 sbi->cluster_bits = ffs(sbi->cluster_size) - 1;
1273 sbi->fats = b->fats; 1274 sbi->fats = b->fats;
diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c
index c1055e778fff..e2cfda94a28d 100644
--- a/fs/fat/namei_msdos.c
+++ b/fs/fat/namei_msdos.c
@@ -208,7 +208,7 @@ static struct dentry *msdos_lookup(struct inode *dir, struct dentry *dentry,
208 struct inode *inode; 208 struct inode *inode;
209 int err; 209 int err;
210 210
211 lock_super(sb); 211 mutex_lock(&MSDOS_SB(sb)->s_lock);
212 err = msdos_find(dir, dentry->d_name.name, dentry->d_name.len, &sinfo); 212 err = msdos_find(dir, dentry->d_name.name, dentry->d_name.len, &sinfo);
213 switch (err) { 213 switch (err) {
214 case -ENOENT: 214 case -ENOENT:
@@ -221,7 +221,7 @@ static struct dentry *msdos_lookup(struct inode *dir, struct dentry *dentry,
221 default: 221 default:
222 inode = ERR_PTR(err); 222 inode = ERR_PTR(err);
223 } 223 }
224 unlock_super(sb); 224 mutex_unlock(&MSDOS_SB(sb)->s_lock);
225 return d_splice_alias(inode, dentry); 225 return d_splice_alias(inode, dentry);
226} 226}
227 227
@@ -273,7 +273,7 @@ static int msdos_create(struct inode *dir, struct dentry *dentry, umode_t mode,
273 unsigned char msdos_name[MSDOS_NAME]; 273 unsigned char msdos_name[MSDOS_NAME];
274 int err, is_hid; 274 int err, is_hid;
275 275
276 lock_super(sb); 276 mutex_lock(&MSDOS_SB(sb)->s_lock);
277 277
278 err = msdos_format_name(dentry->d_name.name, dentry->d_name.len, 278 err = msdos_format_name(dentry->d_name.name, dentry->d_name.len,
279 msdos_name, &MSDOS_SB(sb)->options); 279 msdos_name, &MSDOS_SB(sb)->options);
@@ -302,7 +302,7 @@ static int msdos_create(struct inode *dir, struct dentry *dentry, umode_t mode,
302 302
303 d_instantiate(dentry, inode); 303 d_instantiate(dentry, inode);
304out: 304out:
305 unlock_super(sb); 305 mutex_unlock(&MSDOS_SB(sb)->s_lock);
306 if (!err) 306 if (!err)
307 err = fat_flush_inodes(sb, dir, inode); 307 err = fat_flush_inodes(sb, dir, inode);
308 return err; 308 return err;
@@ -316,7 +316,7 @@ static int msdos_rmdir(struct inode *dir, struct dentry *dentry)
316 struct fat_slot_info sinfo; 316 struct fat_slot_info sinfo;
317 int err; 317 int err;
318 318
319 lock_super(sb); 319 mutex_lock(&MSDOS_SB(sb)->s_lock);
320 /* 320 /*
321 * Check whether the directory is not in use, then check 321 * Check whether the directory is not in use, then check
322 * whether it is empty. 322 * whether it is empty.
@@ -337,7 +337,7 @@ static int msdos_rmdir(struct inode *dir, struct dentry *dentry)
337 inode->i_ctime = CURRENT_TIME_SEC; 337 inode->i_ctime = CURRENT_TIME_SEC;
338 fat_detach(inode); 338 fat_detach(inode);
339out: 339out:
340 unlock_super(sb); 340 mutex_unlock(&MSDOS_SB(sb)->s_lock);
341 if (!err) 341 if (!err)
342 err = fat_flush_inodes(sb, dir, inode); 342 err = fat_flush_inodes(sb, dir, inode);
343 343
@@ -354,7 +354,7 @@ static int msdos_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
354 struct timespec ts; 354 struct timespec ts;
355 int err, is_hid, cluster; 355 int err, is_hid, cluster;
356 356
357 lock_super(sb); 357 mutex_lock(&MSDOS_SB(sb)->s_lock);
358 358
359 err = msdos_format_name(dentry->d_name.name, dentry->d_name.len, 359 err = msdos_format_name(dentry->d_name.name, dentry->d_name.len,
360 msdos_name, &MSDOS_SB(sb)->options); 360 msdos_name, &MSDOS_SB(sb)->options);
@@ -392,14 +392,14 @@ static int msdos_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
392 392
393 d_instantiate(dentry, inode); 393 d_instantiate(dentry, inode);
394 394
395 unlock_super(sb); 395 mutex_unlock(&MSDOS_SB(sb)->s_lock);
396 fat_flush_inodes(sb, dir, inode); 396 fat_flush_inodes(sb, dir, inode);
397 return 0; 397 return 0;
398 398
399out_free: 399out_free:
400 fat_free_clusters(dir, cluster); 400 fat_free_clusters(dir, cluster);
401out: 401out:
402 unlock_super(sb); 402 mutex_unlock(&MSDOS_SB(sb)->s_lock);
403 return err; 403 return err;
404} 404}
405 405
@@ -411,7 +411,7 @@ static int msdos_unlink(struct inode *dir, struct dentry *dentry)
411 struct fat_slot_info sinfo; 411 struct fat_slot_info sinfo;
412 int err; 412 int err;
413 413
414 lock_super(sb); 414 mutex_lock(&MSDOS_SB(sb)->s_lock);
415 err = msdos_find(dir, dentry->d_name.name, dentry->d_name.len, &sinfo); 415 err = msdos_find(dir, dentry->d_name.name, dentry->d_name.len, &sinfo);
416 if (err) 416 if (err)
417 goto out; 417 goto out;
@@ -423,7 +423,7 @@ static int msdos_unlink(struct inode *dir, struct dentry *dentry)
423 inode->i_ctime = CURRENT_TIME_SEC; 423 inode->i_ctime = CURRENT_TIME_SEC;
424 fat_detach(inode); 424 fat_detach(inode);
425out: 425out:
426 unlock_super(sb); 426 mutex_unlock(&MSDOS_SB(sb)->s_lock);
427 if (!err) 427 if (!err)
428 err = fat_flush_inodes(sb, dir, inode); 428 err = fat_flush_inodes(sb, dir, inode);
429 429
@@ -606,7 +606,7 @@ static int msdos_rename(struct inode *old_dir, struct dentry *old_dentry,
606 unsigned char old_msdos_name[MSDOS_NAME], new_msdos_name[MSDOS_NAME]; 606 unsigned char old_msdos_name[MSDOS_NAME], new_msdos_name[MSDOS_NAME];
607 int err, is_hid; 607 int err, is_hid;
608 608
609 lock_super(sb); 609 mutex_lock(&MSDOS_SB(sb)->s_lock);
610 610
611 err = msdos_format_name(old_dentry->d_name.name, 611 err = msdos_format_name(old_dentry->d_name.name,
612 old_dentry->d_name.len, old_msdos_name, 612 old_dentry->d_name.len, old_msdos_name,
@@ -625,7 +625,7 @@ static int msdos_rename(struct inode *old_dir, struct dentry *old_dentry,
625 err = do_msdos_rename(old_dir, old_msdos_name, old_dentry, 625 err = do_msdos_rename(old_dir, old_msdos_name, old_dentry,
626 new_dir, new_msdos_name, new_dentry, is_hid); 626 new_dir, new_msdos_name, new_dentry, is_hid);
627out: 627out:
628 unlock_super(sb); 628 mutex_unlock(&MSDOS_SB(sb)->s_lock);
629 if (!err) 629 if (!err)
630 err = fat_flush_inodes(sb, old_dir, new_dir); 630 err = fat_flush_inodes(sb, old_dir, new_dir);
631 return err; 631 return err;
diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c
index e535dd75b986..ac959d655e7d 100644
--- a/fs/fat/namei_vfat.c
+++ b/fs/fat/namei_vfat.c
@@ -721,7 +721,7 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry,
721 struct dentry *alias; 721 struct dentry *alias;
722 int err; 722 int err;
723 723
724 lock_super(sb); 724 mutex_lock(&MSDOS_SB(sb)->s_lock);
725 725
726 err = vfat_find(dir, &dentry->d_name, &sinfo); 726 err = vfat_find(dir, &dentry->d_name, &sinfo);
727 if (err) { 727 if (err) {
@@ -752,13 +752,13 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry,
752 if (!S_ISDIR(inode->i_mode)) 752 if (!S_ISDIR(inode->i_mode))
753 d_move(alias, dentry); 753 d_move(alias, dentry);
754 iput(inode); 754 iput(inode);
755 unlock_super(sb); 755 mutex_unlock(&MSDOS_SB(sb)->s_lock);
756 return alias; 756 return alias;
757 } else 757 } else
758 dput(alias); 758 dput(alias);
759 759
760out: 760out:
761 unlock_super(sb); 761 mutex_unlock(&MSDOS_SB(sb)->s_lock);
762 dentry->d_time = dentry->d_parent->d_inode->i_version; 762 dentry->d_time = dentry->d_parent->d_inode->i_version;
763 dentry = d_splice_alias(inode, dentry); 763 dentry = d_splice_alias(inode, dentry);
764 if (dentry) 764 if (dentry)
@@ -766,7 +766,7 @@ out:
766 return dentry; 766 return dentry;
767 767
768error: 768error:
769 unlock_super(sb); 769 mutex_unlock(&MSDOS_SB(sb)->s_lock);
770 return ERR_PTR(err); 770 return ERR_PTR(err);
771} 771}
772 772
@@ -779,7 +779,7 @@ static int vfat_create(struct inode *dir, struct dentry *dentry, umode_t mode,
779 struct timespec ts; 779 struct timespec ts;
780 int err; 780 int err;
781 781
782 lock_super(sb); 782 mutex_lock(&MSDOS_SB(sb)->s_lock);
783 783
784 ts = CURRENT_TIME_SEC; 784 ts = CURRENT_TIME_SEC;
785 err = vfat_add_entry(dir, &dentry->d_name, 0, 0, &ts, &sinfo); 785 err = vfat_add_entry(dir, &dentry->d_name, 0, 0, &ts, &sinfo);
@@ -800,7 +800,7 @@ static int vfat_create(struct inode *dir, struct dentry *dentry, umode_t mode,
800 dentry->d_time = dentry->d_parent->d_inode->i_version; 800 dentry->d_time = dentry->d_parent->d_inode->i_version;
801 d_instantiate(dentry, inode); 801 d_instantiate(dentry, inode);
802out: 802out:
803 unlock_super(sb); 803 mutex_unlock(&MSDOS_SB(sb)->s_lock);
804 return err; 804 return err;
805} 805}
806 806
@@ -811,7 +811,7 @@ static int vfat_rmdir(struct inode *dir, struct dentry *dentry)
811 struct fat_slot_info sinfo; 811 struct fat_slot_info sinfo;
812 int err; 812 int err;
813 813
814 lock_super(sb); 814 mutex_lock(&MSDOS_SB(sb)->s_lock);
815 815
816 err = fat_dir_empty(inode); 816 err = fat_dir_empty(inode);
817 if (err) 817 if (err)
@@ -829,7 +829,7 @@ static int vfat_rmdir(struct inode *dir, struct dentry *dentry)
829 inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; 829 inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC;
830 fat_detach(inode); 830 fat_detach(inode);
831out: 831out:
832 unlock_super(sb); 832 mutex_unlock(&MSDOS_SB(sb)->s_lock);
833 833
834 return err; 834 return err;
835} 835}
@@ -841,7 +841,7 @@ static int vfat_unlink(struct inode *dir, struct dentry *dentry)
841 struct fat_slot_info sinfo; 841 struct fat_slot_info sinfo;
842 int err; 842 int err;
843 843
844 lock_super(sb); 844 mutex_lock(&MSDOS_SB(sb)->s_lock);
845 845
846 err = vfat_find(dir, &dentry->d_name, &sinfo); 846 err = vfat_find(dir, &dentry->d_name, &sinfo);
847 if (err) 847 if (err)
@@ -854,7 +854,7 @@ static int vfat_unlink(struct inode *dir, struct dentry *dentry)
854 inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; 854 inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC;
855 fat_detach(inode); 855 fat_detach(inode);
856out: 856out:
857 unlock_super(sb); 857 mutex_unlock(&MSDOS_SB(sb)->s_lock);
858 858
859 return err; 859 return err;
860} 860}
@@ -867,7 +867,7 @@ static int vfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
867 struct timespec ts; 867 struct timespec ts;
868 int err, cluster; 868 int err, cluster;
869 869
870 lock_super(sb); 870 mutex_lock(&MSDOS_SB(sb)->s_lock);
871 871
872 ts = CURRENT_TIME_SEC; 872 ts = CURRENT_TIME_SEC;
873 cluster = fat_alloc_new_dir(dir, &ts); 873 cluster = fat_alloc_new_dir(dir, &ts);
@@ -896,13 +896,13 @@ static int vfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
896 dentry->d_time = dentry->d_parent->d_inode->i_version; 896 dentry->d_time = dentry->d_parent->d_inode->i_version;
897 d_instantiate(dentry, inode); 897 d_instantiate(dentry, inode);
898 898
899 unlock_super(sb); 899 mutex_unlock(&MSDOS_SB(sb)->s_lock);
900 return 0; 900 return 0;
901 901
902out_free: 902out_free:
903 fat_free_clusters(dir, cluster); 903 fat_free_clusters(dir, cluster);
904out: 904out:
905 unlock_super(sb); 905 mutex_unlock(&MSDOS_SB(sb)->s_lock);
906 return err; 906 return err;
907} 907}
908 908
@@ -921,7 +921,7 @@ static int vfat_rename(struct inode *old_dir, struct dentry *old_dentry,
921 old_sinfo.bh = sinfo.bh = dotdot_bh = NULL; 921 old_sinfo.bh = sinfo.bh = dotdot_bh = NULL;
922 old_inode = old_dentry->d_inode; 922 old_inode = old_dentry->d_inode;
923 new_inode = new_dentry->d_inode; 923 new_inode = new_dentry->d_inode;
924 lock_super(sb); 924 mutex_lock(&MSDOS_SB(sb)->s_lock);
925 err = vfat_find(old_dir, &old_dentry->d_name, &old_sinfo); 925 err = vfat_find(old_dir, &old_dentry->d_name, &old_sinfo);
926 if (err) 926 if (err)
927 goto out; 927 goto out;
@@ -996,7 +996,7 @@ out:
996 brelse(sinfo.bh); 996 brelse(sinfo.bh);
997 brelse(dotdot_bh); 997 brelse(dotdot_bh);
998 brelse(old_sinfo.bh); 998 brelse(old_sinfo.bh);
999 unlock_super(sb); 999 mutex_unlock(&MSDOS_SB(sb)->s_lock);
1000 1000
1001 return err; 1001 return err;
1002 1002
diff --git a/fs/file.c b/fs/file.c
index 0f1bda4bebfa..d3b5fa80b71b 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -922,6 +922,9 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
922 if ((flags & ~O_CLOEXEC) != 0) 922 if ((flags & ~O_CLOEXEC) != 0)
923 return -EINVAL; 923 return -EINVAL;
924 924
925 if (unlikely(oldfd == newfd))
926 return -EINVAL;
927
925 if (newfd >= rlimit(RLIMIT_NOFILE)) 928 if (newfd >= rlimit(RLIMIT_NOFILE))
926 return -EMFILE; 929 return -EMFILE;
927 930
diff --git a/fs/file_table.c b/fs/file_table.c
index dac67923330f..a72bf9ddd0d2 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -36,7 +36,7 @@ struct files_stat_struct files_stat = {
36 .max_files = NR_FILE 36 .max_files = NR_FILE
37}; 37};
38 38
39DEFINE_LGLOCK(files_lglock); 39DEFINE_STATIC_LGLOCK(files_lglock);
40 40
41/* SLAB cache for file structures */ 41/* SLAB cache for file structures */
42static struct kmem_cache *filp_cachep __read_mostly; 42static struct kmem_cache *filp_cachep __read_mostly;
diff --git a/fs/gfs2/export.c b/fs/gfs2/export.c
index e8ed6d4a6181..4767774a5f3e 100644
--- a/fs/gfs2/export.c
+++ b/fs/gfs2/export.c
@@ -161,6 +161,8 @@ static struct dentry *gfs2_fh_to_dentry(struct super_block *sb, struct fid *fid,
161 case GFS2_SMALL_FH_SIZE: 161 case GFS2_SMALL_FH_SIZE:
162 case GFS2_LARGE_FH_SIZE: 162 case GFS2_LARGE_FH_SIZE:
163 case GFS2_OLD_FH_SIZE: 163 case GFS2_OLD_FH_SIZE:
164 if (fh_len < GFS2_SMALL_FH_SIZE)
165 return NULL;
164 this.no_formal_ino = ((u64)be32_to_cpu(fh[0])) << 32; 166 this.no_formal_ino = ((u64)be32_to_cpu(fh[0])) << 32;
165 this.no_formal_ino |= be32_to_cpu(fh[1]); 167 this.no_formal_ino |= be32_to_cpu(fh[1]);
166 this.no_addr = ((u64)be32_to_cpu(fh[2])) << 32; 168 this.no_addr = ((u64)be32_to_cpu(fh[2])) << 32;
@@ -180,6 +182,8 @@ static struct dentry *gfs2_fh_to_parent(struct super_block *sb, struct fid *fid,
180 switch (fh_type) { 182 switch (fh_type) {
181 case GFS2_LARGE_FH_SIZE: 183 case GFS2_LARGE_FH_SIZE:
182 case GFS2_OLD_FH_SIZE: 184 case GFS2_OLD_FH_SIZE:
185 if (fh_len < GFS2_LARGE_FH_SIZE)
186 return NULL;
183 parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32; 187 parent.no_formal_ino = ((u64)be32_to_cpu(fh[4])) << 32;
184 parent.no_formal_ino |= be32_to_cpu(fh[5]); 188 parent.no_formal_ino |= be32_to_cpu(fh[5]);
185 parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32; 189 parent.no_addr = ((u64)be32_to_cpu(fh[6])) << 32;
diff --git a/fs/hpfs/super.c b/fs/hpfs/super.c
index bc28bf077a6a..a3076228523d 100644
--- a/fs/hpfs/super.c
+++ b/fs/hpfs/super.c
@@ -398,7 +398,6 @@ static int hpfs_remount_fs(struct super_block *s, int *flags, char *data)
398 *flags |= MS_NOATIME; 398 *flags |= MS_NOATIME;
399 399
400 hpfs_lock(s); 400 hpfs_lock(s);
401 lock_super(s);
402 uid = sbi->sb_uid; gid = sbi->sb_gid; 401 uid = sbi->sb_uid; gid = sbi->sb_gid;
403 umask = 0777 & ~sbi->sb_mode; 402 umask = 0777 & ~sbi->sb_mode;
404 lowercase = sbi->sb_lowercase; 403 lowercase = sbi->sb_lowercase;
@@ -431,12 +430,10 @@ static int hpfs_remount_fs(struct super_block *s, int *flags, char *data)
431 430
432 replace_mount_options(s, new_opts); 431 replace_mount_options(s, new_opts);
433 432
434 unlock_super(s);
435 hpfs_unlock(s); 433 hpfs_unlock(s);
436 return 0; 434 return 0;
437 435
438out_err: 436out_err:
439 unlock_super(s);
440 hpfs_unlock(s); 437 hpfs_unlock(s);
441 kfree(new_opts); 438 kfree(new_opts);
442 return -EINVAL; 439 return -EINVAL;
diff --git a/fs/isofs/export.c b/fs/isofs/export.c
index 1d3804492aa7..2b4f2358eadb 100644
--- a/fs/isofs/export.c
+++ b/fs/isofs/export.c
@@ -175,7 +175,7 @@ static struct dentry *isofs_fh_to_parent(struct super_block *sb,
175{ 175{
176 struct isofs_fid *ifid = (struct isofs_fid *)fid; 176 struct isofs_fid *ifid = (struct isofs_fid *)fid;
177 177
178 if (fh_type != 2) 178 if (fh_len < 2 || fh_type != 2)
179 return NULL; 179 return NULL;
180 180
181 return isofs_export_iget(sb, 181 return isofs_export_iget(sb,
diff --git a/fs/namei.c b/fs/namei.c
index aa30d19e9edd..c1f18e4f034c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -692,9 +692,9 @@ static inline int may_follow_link(struct path *link, struct nameidata *nd)
692 if (uid_eq(parent->i_uid, inode->i_uid)) 692 if (uid_eq(parent->i_uid, inode->i_uid))
693 return 0; 693 return 0;
694 694
695 audit_log_link_denied("follow_link", link);
695 path_put_conditional(link, nd); 696 path_put_conditional(link, nd);
696 path_put(&nd->path); 697 path_put(&nd->path);
697 audit_log_link_denied("follow_link", link);
698 return -EACCES; 698 return -EACCES;
699} 699}
700 700
@@ -810,6 +810,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
810 return error; 810 return error;
811 811
812out_put_nd_path: 812out_put_nd_path:
813 *p = NULL;
813 path_put(&nd->path); 814 path_put(&nd->path);
814 path_put(link); 815 path_put(link);
815 return error; 816 return error;
diff --git a/fs/namespace.c b/fs/namespace.c
index 7bdf7907413f..fc33207e28ad 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1640,7 +1640,7 @@ static int do_change_type(struct path *path, int flag)
1640/* 1640/*
1641 * do loopback mount. 1641 * do loopback mount.
1642 */ 1642 */
1643static int do_loopback(struct path *path, char *old_name, 1643static int do_loopback(struct path *path, const char *old_name,
1644 int recurse) 1644 int recurse)
1645{ 1645{
1646 LIST_HEAD(umount_list); 1646 LIST_HEAD(umount_list);
@@ -1764,7 +1764,7 @@ static inline int tree_contains_unbindable(struct mount *mnt)
1764 return 0; 1764 return 0;
1765} 1765}
1766 1766
1767static int do_move_mount(struct path *path, char *old_name) 1767static int do_move_mount(struct path *path, const char *old_name)
1768{ 1768{
1769 struct path old_path, parent_path; 1769 struct path old_path, parent_path;
1770 struct mount *p; 1770 struct mount *p;
@@ -1917,8 +1917,8 @@ unlock:
1917 * create a new mount for userspace and request it to be added into the 1917 * create a new mount for userspace and request it to be added into the
1918 * namespace's tree 1918 * namespace's tree
1919 */ 1919 */
1920static int do_new_mount(struct path *path, char *type, int flags, 1920static int do_new_mount(struct path *path, const char *type, int flags,
1921 int mnt_flags, char *name, void *data) 1921 int mnt_flags, const char *name, void *data)
1922{ 1922{
1923 struct vfsmount *mnt; 1923 struct vfsmount *mnt;
1924 int err; 1924 int err;
@@ -2191,8 +2191,8 @@ int copy_mount_string(const void __user *data, char **where)
2191 * Therefore, if this magic number is present, it carries no information 2191 * Therefore, if this magic number is present, it carries no information
2192 * and must be discarded. 2192 * and must be discarded.
2193 */ 2193 */
2194long do_mount(char *dev_name, char *dir_name, char *type_page, 2194long do_mount(const char *dev_name, const char *dir_name,
2195 unsigned long flags, void *data_page) 2195 const char *type_page, unsigned long flags, void *data_page)
2196{ 2196{
2197 struct path path; 2197 struct path path;
2198 int retval = 0; 2198 int retval = 0;
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index 46485557cdc6..f27f01a98aa2 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -1573,8 +1573,10 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
1573 reiserfs_warning(sb, "reiserfs-13077", 1573 reiserfs_warning(sb, "reiserfs-13077",
1574 "nfsd/reiserfs, fhtype=%d, len=%d - odd", 1574 "nfsd/reiserfs, fhtype=%d, len=%d - odd",
1575 fh_type, fh_len); 1575 fh_type, fh_len);
1576 fh_type = 5; 1576 fh_type = fh_len;
1577 } 1577 }
1578 if (fh_len < 2)
1579 return NULL;
1578 1580
1579 return reiserfs_get_dentry(sb, fid->raw[0], fid->raw[1], 1581 return reiserfs_get_dentry(sb, fid->raw[0], fid->raw[1],
1580 (fh_type == 3 || fh_type >= 5) ? fid->raw[2] : 0); 1582 (fh_type == 3 || fh_type >= 5) ? fid->raw[2] : 0);
@@ -1583,6 +1585,8 @@ struct dentry *reiserfs_fh_to_dentry(struct super_block *sb, struct fid *fid,
1583struct dentry *reiserfs_fh_to_parent(struct super_block *sb, struct fid *fid, 1585struct dentry *reiserfs_fh_to_parent(struct super_block *sb, struct fid *fid,
1584 int fh_len, int fh_type) 1586 int fh_len, int fh_type)
1585{ 1587{
1588 if (fh_type > fh_len)
1589 fh_type = fh_len;
1586 if (fh_type < 4) 1590 if (fh_type < 4)
1587 return NULL; 1591 return NULL;
1588 1592
diff --git a/fs/super.c b/fs/super.c
index a3bc935069d9..12f123712161 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -186,15 +186,8 @@ static struct super_block *alloc_super(struct file_system_type *type, int flags)
186 spin_lock_init(&s->s_inode_lru_lock); 186 spin_lock_init(&s->s_inode_lru_lock);
187 INIT_LIST_HEAD(&s->s_mounts); 187 INIT_LIST_HEAD(&s->s_mounts);
188 init_rwsem(&s->s_umount); 188 init_rwsem(&s->s_umount);
189 mutex_init(&s->s_lock);
190 lockdep_set_class(&s->s_umount, &type->s_umount_key); 189 lockdep_set_class(&s->s_umount, &type->s_umount_key);
191 /* 190 /*
192 * The locking rules for s_lock are up to the
193 * filesystem. For example ext3fs has different
194 * lock ordering than usbfs:
195 */
196 lockdep_set_class(&s->s_lock, &type->s_lock_key);
197 /*
198 * sget() can have s_umount recursion. 191 * sget() can have s_umount recursion.
199 * 192 *
200 * When it cannot find a suitable sb, it allocates a new 193 * When it cannot find a suitable sb, it allocates a new
@@ -394,22 +387,6 @@ bool grab_super_passive(struct super_block *sb)
394 return false; 387 return false;
395} 388}
396 389
397/*
398 * Superblock locking. We really ought to get rid of these two.
399 */
400void lock_super(struct super_block * sb)
401{
402 mutex_lock(&sb->s_lock);
403}
404
405void unlock_super(struct super_block * sb)
406{
407 mutex_unlock(&sb->s_lock);
408}
409
410EXPORT_SYMBOL(lock_super);
411EXPORT_SYMBOL(unlock_super);
412
413/** 390/**
414 * generic_shutdown_super - common helper for ->kill_sb() 391 * generic_shutdown_super - common helper for ->kill_sb()
415 * @sb: superblock to kill 392 * @sb: superblock to kill
diff --git a/fs/sysv/balloc.c b/fs/sysv/balloc.c
index 9a6ad96acf27..921c053fc052 100644
--- a/fs/sysv/balloc.c
+++ b/fs/sysv/balloc.c
@@ -60,12 +60,12 @@ void sysv_free_block(struct super_block * sb, sysv_zone_t nr)
60 return; 60 return;
61 } 61 }
62 62
63 lock_super(sb); 63 mutex_lock(&sbi->s_lock);
64 count = fs16_to_cpu(sbi, *sbi->s_bcache_count); 64 count = fs16_to_cpu(sbi, *sbi->s_bcache_count);
65 65
66 if (count > sbi->s_flc_size) { 66 if (count > sbi->s_flc_size) {
67 printk("sysv_free_block: flc_count > flc_size\n"); 67 printk("sysv_free_block: flc_count > flc_size\n");
68 unlock_super(sb); 68 mutex_unlock(&sbi->s_lock);
69 return; 69 return;
70 } 70 }
71 /* If the free list head in super-block is full, it is copied 71 /* If the free list head in super-block is full, it is copied
@@ -77,7 +77,7 @@ void sysv_free_block(struct super_block * sb, sysv_zone_t nr)
77 bh = sb_getblk(sb, block); 77 bh = sb_getblk(sb, block);
78 if (!bh) { 78 if (!bh) {
79 printk("sysv_free_block: getblk() failed\n"); 79 printk("sysv_free_block: getblk() failed\n");
80 unlock_super(sb); 80 mutex_unlock(&sbi->s_lock);
81 return; 81 return;
82 } 82 }
83 memset(bh->b_data, 0, sb->s_blocksize); 83 memset(bh->b_data, 0, sb->s_blocksize);
@@ -93,7 +93,7 @@ void sysv_free_block(struct super_block * sb, sysv_zone_t nr)
93 *sbi->s_bcache_count = cpu_to_fs16(sbi, count); 93 *sbi->s_bcache_count = cpu_to_fs16(sbi, count);
94 fs32_add(sbi, sbi->s_free_blocks, 1); 94 fs32_add(sbi, sbi->s_free_blocks, 1);
95 dirty_sb(sb); 95 dirty_sb(sb);
96 unlock_super(sb); 96 mutex_unlock(&sbi->s_lock);
97} 97}
98 98
99sysv_zone_t sysv_new_block(struct super_block * sb) 99sysv_zone_t sysv_new_block(struct super_block * sb)
@@ -104,7 +104,7 @@ sysv_zone_t sysv_new_block(struct super_block * sb)
104 struct buffer_head * bh; 104 struct buffer_head * bh;
105 unsigned count; 105 unsigned count;
106 106
107 lock_super(sb); 107 mutex_lock(&sbi->s_lock);
108 count = fs16_to_cpu(sbi, *sbi->s_bcache_count); 108 count = fs16_to_cpu(sbi, *sbi->s_bcache_count);
109 109
110 if (count == 0) /* Applies only to Coherent FS */ 110 if (count == 0) /* Applies only to Coherent FS */
@@ -147,11 +147,11 @@ sysv_zone_t sysv_new_block(struct super_block * sb)
147 /* Now the free list head in the superblock is valid again. */ 147 /* Now the free list head in the superblock is valid again. */
148 fs32_add(sbi, sbi->s_free_blocks, -1); 148 fs32_add(sbi, sbi->s_free_blocks, -1);
149 dirty_sb(sb); 149 dirty_sb(sb);
150 unlock_super(sb); 150 mutex_unlock(&sbi->s_lock);
151 return nr; 151 return nr;
152 152
153Enospc: 153Enospc:
154 unlock_super(sb); 154 mutex_unlock(&sbi->s_lock);
155 return 0; 155 return 0;
156} 156}
157 157
@@ -173,7 +173,7 @@ unsigned long sysv_count_free_blocks(struct super_block * sb)
173 if (sbi->s_type == FSTYPE_AFS) 173 if (sbi->s_type == FSTYPE_AFS)
174 return 0; 174 return 0;
175 175
176 lock_super(sb); 176 mutex_lock(&sbi->s_lock);
177 sb_count = fs32_to_cpu(sbi, *sbi->s_free_blocks); 177 sb_count = fs32_to_cpu(sbi, *sbi->s_free_blocks);
178 178
179 if (0) 179 if (0)
@@ -211,7 +211,7 @@ unsigned long sysv_count_free_blocks(struct super_block * sb)
211 if (count != sb_count) 211 if (count != sb_count)
212 goto Ecount; 212 goto Ecount;
213done: 213done:
214 unlock_super(sb); 214 mutex_unlock(&sbi->s_lock);
215 return count; 215 return count;
216 216
217Einval: 217Einval:
diff --git a/fs/sysv/ialloc.c b/fs/sysv/ialloc.c
index 8233b02eccae..f9db4eb31db4 100644
--- a/fs/sysv/ialloc.c
+++ b/fs/sysv/ialloc.c
@@ -118,7 +118,7 @@ void sysv_free_inode(struct inode * inode)
118 "%s\n", inode->i_sb->s_id); 118 "%s\n", inode->i_sb->s_id);
119 return; 119 return;
120 } 120 }
121 lock_super(sb); 121 mutex_lock(&sbi->s_lock);
122 count = fs16_to_cpu(sbi, *sbi->s_sb_fic_count); 122 count = fs16_to_cpu(sbi, *sbi->s_sb_fic_count);
123 if (count < sbi->s_fic_size) { 123 if (count < sbi->s_fic_size) {
124 *sv_sb_fic_inode(sb,count++) = cpu_to_fs16(sbi, ino); 124 *sv_sb_fic_inode(sb,count++) = cpu_to_fs16(sbi, ino);
@@ -128,7 +128,7 @@ void sysv_free_inode(struct inode * inode)
128 dirty_sb(sb); 128 dirty_sb(sb);
129 memset(raw_inode, 0, sizeof(struct sysv_inode)); 129 memset(raw_inode, 0, sizeof(struct sysv_inode));
130 mark_buffer_dirty(bh); 130 mark_buffer_dirty(bh);
131 unlock_super(sb); 131 mutex_unlock(&sbi->s_lock);
132 brelse(bh); 132 brelse(bh);
133} 133}
134 134
@@ -147,13 +147,13 @@ struct inode * sysv_new_inode(const struct inode * dir, umode_t mode)
147 if (!inode) 147 if (!inode)
148 return ERR_PTR(-ENOMEM); 148 return ERR_PTR(-ENOMEM);
149 149
150 lock_super(sb); 150 mutex_lock(&sbi->s_lock);
151 count = fs16_to_cpu(sbi, *sbi->s_sb_fic_count); 151 count = fs16_to_cpu(sbi, *sbi->s_sb_fic_count);
152 if (count == 0 || (*sv_sb_fic_inode(sb,count-1) == 0)) { 152 if (count == 0 || (*sv_sb_fic_inode(sb,count-1) == 0)) {
153 count = refill_free_cache(sb); 153 count = refill_free_cache(sb);
154 if (count == 0) { 154 if (count == 0) {
155 iput(inode); 155 iput(inode);
156 unlock_super(sb); 156 mutex_unlock(&sbi->s_lock);
157 return ERR_PTR(-ENOSPC); 157 return ERR_PTR(-ENOSPC);
158 } 158 }
159 } 159 }
@@ -174,7 +174,7 @@ struct inode * sysv_new_inode(const struct inode * dir, umode_t mode)
174 sysv_write_inode(inode, &wbc); /* ensure inode not allocated again */ 174 sysv_write_inode(inode, &wbc); /* ensure inode not allocated again */
175 mark_inode_dirty(inode); /* cleared by sysv_write_inode() */ 175 mark_inode_dirty(inode); /* cleared by sysv_write_inode() */
176 /* That's it. */ 176 /* That's it. */
177 unlock_super(sb); 177 mutex_unlock(&sbi->s_lock);
178 return inode; 178 return inode;
179} 179}
180 180
@@ -185,7 +185,7 @@ unsigned long sysv_count_free_inodes(struct super_block * sb)
185 struct sysv_inode * raw_inode; 185 struct sysv_inode * raw_inode;
186 int ino, count, sb_count; 186 int ino, count, sb_count;
187 187
188 lock_super(sb); 188 mutex_lock(&sbi->s_lock);
189 189
190 sb_count = fs16_to_cpu(sbi, *sbi->s_sb_total_free_inodes); 190 sb_count = fs16_to_cpu(sbi, *sbi->s_sb_total_free_inodes);
191 191
@@ -213,7 +213,7 @@ unsigned long sysv_count_free_inodes(struct super_block * sb)
213 if (count != sb_count) 213 if (count != sb_count)
214 goto Einval; 214 goto Einval;
215out: 215out:
216 unlock_super(sb); 216 mutex_unlock(&sbi->s_lock);
217 return count; 217 return count;
218 218
219Einval: 219Einval:
diff --git a/fs/sysv/inode.c b/fs/sysv/inode.c
index d33e506c1eac..c327d4ee1235 100644
--- a/fs/sysv/inode.c
+++ b/fs/sysv/inode.c
@@ -36,7 +36,7 @@ static int sysv_sync_fs(struct super_block *sb, int wait)
36 struct sysv_sb_info *sbi = SYSV_SB(sb); 36 struct sysv_sb_info *sbi = SYSV_SB(sb);
37 unsigned long time = get_seconds(), old_time; 37 unsigned long time = get_seconds(), old_time;
38 38
39 lock_super(sb); 39 mutex_lock(&sbi->s_lock);
40 40
41 /* 41 /*
42 * If we are going to write out the super block, 42 * If we are going to write out the super block,
@@ -51,7 +51,7 @@ static int sysv_sync_fs(struct super_block *sb, int wait)
51 mark_buffer_dirty(sbi->s_bh2); 51 mark_buffer_dirty(sbi->s_bh2);
52 } 52 }
53 53
54 unlock_super(sb); 54 mutex_unlock(&sbi->s_lock);
55 55
56 return 0; 56 return 0;
57} 57}
diff --git a/fs/sysv/super.c b/fs/sysv/super.c
index 7491c33b6468..a38e87bdd78d 100644
--- a/fs/sysv/super.c
+++ b/fs/sysv/super.c
@@ -368,6 +368,7 @@ static int sysv_fill_super(struct super_block *sb, void *data, int silent)
368 368
369 sbi->s_sb = sb; 369 sbi->s_sb = sb;
370 sbi->s_block_base = 0; 370 sbi->s_block_base = 0;
371 mutex_init(&sbi->s_lock);
371 sb->s_fs_info = sbi; 372 sb->s_fs_info = sbi;
372 373
373 sb_set_blocksize(sb, BLOCK_SIZE); 374 sb_set_blocksize(sb, BLOCK_SIZE);
diff --git a/fs/sysv/sysv.h b/fs/sysv/sysv.h
index 0bc35fdc58e2..69d488986cce 100644
--- a/fs/sysv/sysv.h
+++ b/fs/sysv/sysv.h
@@ -58,6 +58,7 @@ struct sysv_sb_info {
58 u32 s_nzones; /* same as s_sbd->s_fsize */ 58 u32 s_nzones; /* same as s_sbd->s_fsize */
59 u16 s_namelen; /* max length of dir entry */ 59 u16 s_namelen; /* max length of dir entry */
60 int s_forced_ro; 60 int s_forced_ro;
61 struct mutex s_lock;
61}; 62};
62 63
63/* 64/*
diff --git a/fs/ufs/balloc.c b/fs/ufs/balloc.c
index 1b3e410bf334..a7ea492ae660 100644
--- a/fs/ufs/balloc.c
+++ b/fs/ufs/balloc.c
@@ -54,7 +54,7 @@ void ufs_free_fragments(struct inode *inode, u64 fragment, unsigned count)
54 if (ufs_fragnum(fragment) + count > uspi->s_fpg) 54 if (ufs_fragnum(fragment) + count > uspi->s_fpg)
55 ufs_error (sb, "ufs_free_fragments", "internal error"); 55 ufs_error (sb, "ufs_free_fragments", "internal error");
56 56
57 lock_super(sb); 57 mutex_lock(&UFS_SB(sb)->s_lock);
58 58
59 cgno = ufs_dtog(uspi, fragment); 59 cgno = ufs_dtog(uspi, fragment);
60 bit = ufs_dtogd(uspi, fragment); 60 bit = ufs_dtogd(uspi, fragment);
@@ -118,12 +118,12 @@ void ufs_free_fragments(struct inode *inode, u64 fragment, unsigned count)
118 ubh_sync_block(UCPI_UBH(ucpi)); 118 ubh_sync_block(UCPI_UBH(ucpi));
119 ufs_mark_sb_dirty(sb); 119 ufs_mark_sb_dirty(sb);
120 120
121 unlock_super (sb); 121 mutex_unlock(&UFS_SB(sb)->s_lock);
122 UFSD("EXIT\n"); 122 UFSD("EXIT\n");
123 return; 123 return;
124 124
125failed: 125failed:
126 unlock_super (sb); 126 mutex_unlock(&UFS_SB(sb)->s_lock);
127 UFSD("EXIT (FAILED)\n"); 127 UFSD("EXIT (FAILED)\n");
128 return; 128 return;
129} 129}
@@ -155,7 +155,7 @@ void ufs_free_blocks(struct inode *inode, u64 fragment, unsigned count)
155 goto failed; 155 goto failed;
156 } 156 }
157 157
158 lock_super(sb); 158 mutex_lock(&UFS_SB(sb)->s_lock);
159 159
160do_more: 160do_more:
161 overflow = 0; 161 overflow = 0;
@@ -215,12 +215,12 @@ do_more:
215 } 215 }
216 216
217 ufs_mark_sb_dirty(sb); 217 ufs_mark_sb_dirty(sb);
218 unlock_super (sb); 218 mutex_unlock(&UFS_SB(sb)->s_lock);
219 UFSD("EXIT\n"); 219 UFSD("EXIT\n");
220 return; 220 return;
221 221
222failed_unlock: 222failed_unlock:
223 unlock_super (sb); 223 mutex_unlock(&UFS_SB(sb)->s_lock);
224failed: 224failed:
225 UFSD("EXIT (FAILED)\n"); 225 UFSD("EXIT (FAILED)\n");
226 return; 226 return;
@@ -361,7 +361,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
361 usb1 = ubh_get_usb_first(uspi); 361 usb1 = ubh_get_usb_first(uspi);
362 *err = -ENOSPC; 362 *err = -ENOSPC;
363 363
364 lock_super (sb); 364 mutex_lock(&UFS_SB(sb)->s_lock);
365 tmp = ufs_data_ptr_to_cpu(sb, p); 365 tmp = ufs_data_ptr_to_cpu(sb, p);
366 366
367 if (count + ufs_fragnum(fragment) > uspi->s_fpb) { 367 if (count + ufs_fragnum(fragment) > uspi->s_fpb) {
@@ -382,19 +382,19 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
382 "fragment %llu, tmp %llu\n", 382 "fragment %llu, tmp %llu\n",
383 (unsigned long long)fragment, 383 (unsigned long long)fragment,
384 (unsigned long long)tmp); 384 (unsigned long long)tmp);
385 unlock_super(sb); 385 mutex_unlock(&UFS_SB(sb)->s_lock);
386 return INVBLOCK; 386 return INVBLOCK;
387 } 387 }
388 if (fragment < UFS_I(inode)->i_lastfrag) { 388 if (fragment < UFS_I(inode)->i_lastfrag) {
389 UFSD("EXIT (ALREADY ALLOCATED)\n"); 389 UFSD("EXIT (ALREADY ALLOCATED)\n");
390 unlock_super (sb); 390 mutex_unlock(&UFS_SB(sb)->s_lock);
391 return 0; 391 return 0;
392 } 392 }
393 } 393 }
394 else { 394 else {
395 if (tmp) { 395 if (tmp) {
396 UFSD("EXIT (ALREADY ALLOCATED)\n"); 396 UFSD("EXIT (ALREADY ALLOCATED)\n");
397 unlock_super(sb); 397 mutex_unlock(&UFS_SB(sb)->s_lock);
398 return 0; 398 return 0;
399 } 399 }
400 } 400 }
@@ -403,7 +403,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
403 * There is not enough space for user on the device 403 * There is not enough space for user on the device
404 */ 404 */
405 if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(uspi, UFS_MINFREE) <= 0) { 405 if (!capable(CAP_SYS_RESOURCE) && ufs_freespace(uspi, UFS_MINFREE) <= 0) {
406 unlock_super (sb); 406 mutex_unlock(&UFS_SB(sb)->s_lock);
407 UFSD("EXIT (FAILED)\n"); 407 UFSD("EXIT (FAILED)\n");
408 return 0; 408 return 0;
409 } 409 }
@@ -428,7 +428,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
428 ufs_clear_frags(inode, result + oldcount, 428 ufs_clear_frags(inode, result + oldcount,
429 newcount - oldcount, locked_page != NULL); 429 newcount - oldcount, locked_page != NULL);
430 } 430 }
431 unlock_super(sb); 431 mutex_unlock(&UFS_SB(sb)->s_lock);
432 UFSD("EXIT, result %llu\n", (unsigned long long)result); 432 UFSD("EXIT, result %llu\n", (unsigned long long)result);
433 return result; 433 return result;
434 } 434 }
@@ -443,7 +443,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
443 fragment + count); 443 fragment + count);
444 ufs_clear_frags(inode, result + oldcount, newcount - oldcount, 444 ufs_clear_frags(inode, result + oldcount, newcount - oldcount,
445 locked_page != NULL); 445 locked_page != NULL);
446 unlock_super(sb); 446 mutex_unlock(&UFS_SB(sb)->s_lock);
447 UFSD("EXIT, result %llu\n", (unsigned long long)result); 447 UFSD("EXIT, result %llu\n", (unsigned long long)result);
448 return result; 448 return result;
449 } 449 }
@@ -481,7 +481,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
481 *err = 0; 481 *err = 0;
482 UFS_I(inode)->i_lastfrag = max(UFS_I(inode)->i_lastfrag, 482 UFS_I(inode)->i_lastfrag = max(UFS_I(inode)->i_lastfrag,
483 fragment + count); 483 fragment + count);
484 unlock_super(sb); 484 mutex_unlock(&UFS_SB(sb)->s_lock);
485 if (newcount < request) 485 if (newcount < request)
486 ufs_free_fragments (inode, result + newcount, request - newcount); 486 ufs_free_fragments (inode, result + newcount, request - newcount);
487 ufs_free_fragments (inode, tmp, oldcount); 487 ufs_free_fragments (inode, tmp, oldcount);
@@ -489,7 +489,7 @@ u64 ufs_new_fragments(struct inode *inode, void *p, u64 fragment,
489 return result; 489 return result;
490 } 490 }
491 491
492 unlock_super(sb); 492 mutex_unlock(&UFS_SB(sb)->s_lock);
493 UFSD("EXIT (FAILED)\n"); 493 UFSD("EXIT (FAILED)\n");
494 return 0; 494 return 0;
495} 495}
diff --git a/fs/ufs/ialloc.c b/fs/ufs/ialloc.c
index e84cbe21b986..d0426d74817b 100644
--- a/fs/ufs/ialloc.c
+++ b/fs/ufs/ialloc.c
@@ -71,11 +71,11 @@ void ufs_free_inode (struct inode * inode)
71 71
72 ino = inode->i_ino; 72 ino = inode->i_ino;
73 73
74 lock_super (sb); 74 mutex_lock(&UFS_SB(sb)->s_lock);
75 75
76 if (!((ino > 1) && (ino < (uspi->s_ncg * uspi->s_ipg )))) { 76 if (!((ino > 1) && (ino < (uspi->s_ncg * uspi->s_ipg )))) {
77 ufs_warning(sb, "ufs_free_inode", "reserved inode or nonexistent inode %u\n", ino); 77 ufs_warning(sb, "ufs_free_inode", "reserved inode or nonexistent inode %u\n", ino);
78 unlock_super (sb); 78 mutex_unlock(&UFS_SB(sb)->s_lock);
79 return; 79 return;
80 } 80 }
81 81
@@ -83,7 +83,7 @@ void ufs_free_inode (struct inode * inode)
83 bit = ufs_inotocgoff (ino); 83 bit = ufs_inotocgoff (ino);
84 ucpi = ufs_load_cylinder (sb, cg); 84 ucpi = ufs_load_cylinder (sb, cg);
85 if (!ucpi) { 85 if (!ucpi) {
86 unlock_super (sb); 86 mutex_unlock(&UFS_SB(sb)->s_lock);
87 return; 87 return;
88 } 88 }
89 ucg = ubh_get_ucg(UCPI_UBH(ucpi)); 89 ucg = ubh_get_ucg(UCPI_UBH(ucpi));
@@ -117,7 +117,7 @@ void ufs_free_inode (struct inode * inode)
117 ubh_sync_block(UCPI_UBH(ucpi)); 117 ubh_sync_block(UCPI_UBH(ucpi));
118 118
119 ufs_mark_sb_dirty(sb); 119 ufs_mark_sb_dirty(sb);
120 unlock_super (sb); 120 mutex_unlock(&UFS_SB(sb)->s_lock);
121 UFSD("EXIT\n"); 121 UFSD("EXIT\n");
122} 122}
123 123
@@ -197,7 +197,7 @@ struct inode *ufs_new_inode(struct inode *dir, umode_t mode)
197 uspi = sbi->s_uspi; 197 uspi = sbi->s_uspi;
198 usb1 = ubh_get_usb_first(uspi); 198 usb1 = ubh_get_usb_first(uspi);
199 199
200 lock_super (sb); 200 mutex_lock(&sbi->s_lock);
201 201
202 /* 202 /*
203 * Try to place the inode in its parent directory 203 * Try to place the inode in its parent directory
@@ -333,20 +333,20 @@ cg_found:
333 brelse(bh); 333 brelse(bh);
334 } 334 }
335 335
336 unlock_super (sb); 336 mutex_unlock(&sbi->s_lock);
337 337
338 UFSD("allocating inode %lu\n", inode->i_ino); 338 UFSD("allocating inode %lu\n", inode->i_ino);
339 UFSD("EXIT\n"); 339 UFSD("EXIT\n");
340 return inode; 340 return inode;
341 341
342fail_remove_inode: 342fail_remove_inode:
343 unlock_super(sb); 343 mutex_unlock(&sbi->s_lock);
344 clear_nlink(inode); 344 clear_nlink(inode);
345 iput(inode); 345 iput(inode);
346 UFSD("EXIT (FAILED): err %d\n", err); 346 UFSD("EXIT (FAILED): err %d\n", err);
347 return ERR_PTR(err); 347 return ERR_PTR(err);
348failed: 348failed:
349 unlock_super (sb); 349 mutex_unlock(&sbi->s_lock);
350 make_bad_inode(inode); 350 make_bad_inode(inode);
351 iput (inode); 351 iput (inode);
352 UFSD("EXIT (FAILED): err %d\n", err); 352 UFSD("EXIT (FAILED): err %d\n", err);
diff --git a/fs/ufs/super.c b/fs/ufs/super.c
index f7cfecfe1cab..dc8e3a861d0f 100644
--- a/fs/ufs/super.c
+++ b/fs/ufs/super.c
@@ -699,7 +699,7 @@ static int ufs_sync_fs(struct super_block *sb, int wait)
699 unsigned flags; 699 unsigned flags;
700 700
701 lock_ufs(sb); 701 lock_ufs(sb);
702 lock_super(sb); 702 mutex_lock(&UFS_SB(sb)->s_lock);
703 703
704 UFSD("ENTER\n"); 704 UFSD("ENTER\n");
705 705
@@ -717,7 +717,7 @@ static int ufs_sync_fs(struct super_block *sb, int wait)
717 ufs_put_cstotal(sb); 717 ufs_put_cstotal(sb);
718 718
719 UFSD("EXIT\n"); 719 UFSD("EXIT\n");
720 unlock_super(sb); 720 mutex_unlock(&UFS_SB(sb)->s_lock);
721 unlock_ufs(sb); 721 unlock_ufs(sb);
722 722
723 return 0; 723 return 0;
@@ -805,6 +805,7 @@ static int ufs_fill_super(struct super_block *sb, void *data, int silent)
805 } 805 }
806#endif 806#endif
807 mutex_init(&sbi->mutex); 807 mutex_init(&sbi->mutex);
808 mutex_init(&sbi->s_lock);
808 spin_lock_init(&sbi->work_lock); 809 spin_lock_init(&sbi->work_lock);
809 INIT_DELAYED_WORK(&sbi->sync_work, delayed_sync_fs); 810 INIT_DELAYED_WORK(&sbi->sync_work, delayed_sync_fs);
810 /* 811 /*
@@ -1280,7 +1281,7 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1280 unsigned flags; 1281 unsigned flags;
1281 1282
1282 lock_ufs(sb); 1283 lock_ufs(sb);
1283 lock_super(sb); 1284 mutex_lock(&UFS_SB(sb)->s_lock);
1284 uspi = UFS_SB(sb)->s_uspi; 1285 uspi = UFS_SB(sb)->s_uspi;
1285 flags = UFS_SB(sb)->s_flags; 1286 flags = UFS_SB(sb)->s_flags;
1286 usb1 = ubh_get_usb_first(uspi); 1287 usb1 = ubh_get_usb_first(uspi);
@@ -1294,7 +1295,7 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1294 new_mount_opt = 0; 1295 new_mount_opt = 0;
1295 ufs_set_opt (new_mount_opt, ONERROR_LOCK); 1296 ufs_set_opt (new_mount_opt, ONERROR_LOCK);
1296 if (!ufs_parse_options (data, &new_mount_opt)) { 1297 if (!ufs_parse_options (data, &new_mount_opt)) {
1297 unlock_super(sb); 1298 mutex_unlock(&UFS_SB(sb)->s_lock);
1298 unlock_ufs(sb); 1299 unlock_ufs(sb);
1299 return -EINVAL; 1300 return -EINVAL;
1300 } 1301 }
@@ -1302,14 +1303,14 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1302 new_mount_opt |= ufstype; 1303 new_mount_opt |= ufstype;
1303 } else if ((new_mount_opt & UFS_MOUNT_UFSTYPE) != ufstype) { 1304 } else if ((new_mount_opt & UFS_MOUNT_UFSTYPE) != ufstype) {
1304 printk("ufstype can't be changed during remount\n"); 1305 printk("ufstype can't be changed during remount\n");
1305 unlock_super(sb); 1306 mutex_unlock(&UFS_SB(sb)->s_lock);
1306 unlock_ufs(sb); 1307 unlock_ufs(sb);
1307 return -EINVAL; 1308 return -EINVAL;
1308 } 1309 }
1309 1310
1310 if ((*mount_flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) { 1311 if ((*mount_flags & MS_RDONLY) == (sb->s_flags & MS_RDONLY)) {
1311 UFS_SB(sb)->s_mount_opt = new_mount_opt; 1312 UFS_SB(sb)->s_mount_opt = new_mount_opt;
1312 unlock_super(sb); 1313 mutex_unlock(&UFS_SB(sb)->s_lock);
1313 unlock_ufs(sb); 1314 unlock_ufs(sb);
1314 return 0; 1315 return 0;
1315 } 1316 }
@@ -1334,7 +1335,7 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1334#ifndef CONFIG_UFS_FS_WRITE 1335#ifndef CONFIG_UFS_FS_WRITE
1335 printk("ufs was compiled with read-only support, " 1336 printk("ufs was compiled with read-only support, "
1336 "can't be mounted as read-write\n"); 1337 "can't be mounted as read-write\n");
1337 unlock_super(sb); 1338 mutex_unlock(&UFS_SB(sb)->s_lock);
1338 unlock_ufs(sb); 1339 unlock_ufs(sb);
1339 return -EINVAL; 1340 return -EINVAL;
1340#else 1341#else
@@ -1344,13 +1345,13 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1344 ufstype != UFS_MOUNT_UFSTYPE_SUNx86 && 1345 ufstype != UFS_MOUNT_UFSTYPE_SUNx86 &&
1345 ufstype != UFS_MOUNT_UFSTYPE_UFS2) { 1346 ufstype != UFS_MOUNT_UFSTYPE_UFS2) {
1346 printk("this ufstype is read-only supported\n"); 1347 printk("this ufstype is read-only supported\n");
1347 unlock_super(sb); 1348 mutex_unlock(&UFS_SB(sb)->s_lock);
1348 unlock_ufs(sb); 1349 unlock_ufs(sb);
1349 return -EINVAL; 1350 return -EINVAL;
1350 } 1351 }
1351 if (!ufs_read_cylinder_structures(sb)) { 1352 if (!ufs_read_cylinder_structures(sb)) {
1352 printk("failed during remounting\n"); 1353 printk("failed during remounting\n");
1353 unlock_super(sb); 1354 mutex_unlock(&UFS_SB(sb)->s_lock);
1354 unlock_ufs(sb); 1355 unlock_ufs(sb);
1355 return -EPERM; 1356 return -EPERM;
1356 } 1357 }
@@ -1358,7 +1359,7 @@ static int ufs_remount (struct super_block *sb, int *mount_flags, char *data)
1358#endif 1359#endif
1359 } 1360 }
1360 UFS_SB(sb)->s_mount_opt = new_mount_opt; 1361 UFS_SB(sb)->s_mount_opt = new_mount_opt;
1361 unlock_super(sb); 1362 mutex_unlock(&UFS_SB(sb)->s_lock);
1362 unlock_ufs(sb); 1363 unlock_ufs(sb);
1363 return 0; 1364 return 0;
1364} 1365}
diff --git a/fs/ufs/ufs.h b/fs/ufs/ufs.h
index 343e6fc571e5..ff2c15ab81aa 100644
--- a/fs/ufs/ufs.h
+++ b/fs/ufs/ufs.h
@@ -24,6 +24,7 @@ struct ufs_sb_info {
24 int work_queued; /* non-zero if the delayed work is queued */ 24 int work_queued; /* non-zero if the delayed work is queued */
25 struct delayed_work sync_work; /* FS sync delayed work */ 25 struct delayed_work sync_work; /* FS sync delayed work */
26 spinlock_t work_lock; /* protects sync_work and work_queued */ 26 spinlock_t work_lock; /* protects sync_work and work_queued */
27 struct mutex s_lock;
27}; 28};
28 29
29struct ufs_inode_info { 30struct ufs_inode_info {
diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c
index 42679223a0fd..8c6d1d70278c 100644
--- a/fs/xfs/xfs_export.c
+++ b/fs/xfs/xfs_export.c
@@ -189,6 +189,9 @@ xfs_fs_fh_to_parent(struct super_block *sb, struct fid *fid,
189 struct xfs_fid64 *fid64 = (struct xfs_fid64 *)fid; 189 struct xfs_fid64 *fid64 = (struct xfs_fid64 *)fid;
190 struct inode *inode = NULL; 190 struct inode *inode = NULL;
191 191
192 if (fh_len < xfs_fileid_length(fileid_type))
193 return NULL;
194
192 switch (fileid_type) { 195 switch (fileid_type) {
193 case FILEID_INO32_GEN_PARENT: 196 case FILEID_INO32_GEN_PARENT:
194 inode = xfs_nfs_get_inode(sb, fid->i32.parent_ino, 197 inode = xfs_nfs_get_inode(sb, fid->i32.parent_ino,
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 39f3e12ca752..8ef2fc9f1f08 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1136,7 +1136,7 @@ static inline int file_check_writeable(struct file *filp)
1136#if BITS_PER_LONG==32 1136#if BITS_PER_LONG==32
1137#define MAX_LFS_FILESIZE (((loff_t)PAGE_CACHE_SIZE << (BITS_PER_LONG-1))-1) 1137#define MAX_LFS_FILESIZE (((loff_t)PAGE_CACHE_SIZE << (BITS_PER_LONG-1))-1)
1138#elif BITS_PER_LONG==64 1138#elif BITS_PER_LONG==64
1139#define MAX_LFS_FILESIZE ((loff_t)0x7fffffffffffffff) 1139#define MAX_LFS_FILESIZE ((loff_t)0x7fffffffffffffffLL)
1140#endif 1140#endif
1141 1141
1142#define FL_POSIX 1 1142#define FL_POSIX 1
@@ -1511,7 +1511,6 @@ struct super_block {
1511 unsigned long s_magic; 1511 unsigned long s_magic;
1512 struct dentry *s_root; 1512 struct dentry *s_root;
1513 struct rw_semaphore s_umount; 1513 struct rw_semaphore s_umount;
1514 struct mutex s_lock;
1515 int s_count; 1514 int s_count;
1516 atomic_t s_active; 1515 atomic_t s_active;
1517#ifdef CONFIG_SECURITY 1516#ifdef CONFIG_SECURITY
@@ -2080,7 +2079,7 @@ extern struct vfsmount *kern_mount_data(struct file_system_type *, void *data);
2080extern void kern_unmount(struct vfsmount *mnt); 2079extern void kern_unmount(struct vfsmount *mnt);
2081extern int may_umount_tree(struct vfsmount *); 2080extern int may_umount_tree(struct vfsmount *);
2082extern int may_umount(struct vfsmount *); 2081extern int may_umount(struct vfsmount *);
2083extern long do_mount(char *, char *, char *, unsigned long, void *); 2082extern long do_mount(const char *, const char *, const char *, unsigned long, void *);
2084extern struct vfsmount *collect_mounts(struct path *); 2083extern struct vfsmount *collect_mounts(struct path *);
2085extern void drop_collected_mounts(struct vfsmount *); 2084extern void drop_collected_mounts(struct vfsmount *);
2086extern int iterate_mounts(int (*)(struct vfsmount *, void *), void *, 2085extern int iterate_mounts(int (*)(struct vfsmount *, void *), void *,
diff --git a/include/linux/lglock.h b/include/linux/lglock.h
index f01e5f6d1f07..0d24e932db0b 100644
--- a/include/linux/lglock.h
+++ b/include/linux/lglock.h
@@ -32,20 +32,13 @@
32#define br_write_lock(name) lg_global_lock(name) 32#define br_write_lock(name) lg_global_lock(name)
33#define br_write_unlock(name) lg_global_unlock(name) 33#define br_write_unlock(name) lg_global_unlock(name)
34 34
35#define DEFINE_BRLOCK(name) DEFINE_LGLOCK(name) 35#define DEFINE_BRLOCK(name) DEFINE_LGLOCK(name)
36#define DEFINE_STATIC_BRLOCK(name) DEFINE_STATIC_LGLOCK(name)
36 37
37#ifdef CONFIG_DEBUG_LOCK_ALLOC 38#ifdef CONFIG_DEBUG_LOCK_ALLOC
38#define LOCKDEP_INIT_MAP lockdep_init_map 39#define LOCKDEP_INIT_MAP lockdep_init_map
39
40#define DEFINE_LGLOCK_LOCKDEP(name) \
41 struct lock_class_key name##_lock_key; \
42 struct lockdep_map name##_lock_dep_map; \
43 EXPORT_SYMBOL(name##_lock_dep_map)
44
45#else 40#else
46#define LOCKDEP_INIT_MAP(a, b, c, d) 41#define LOCKDEP_INIT_MAP(a, b, c, d)
47
48#define DEFINE_LGLOCK_LOCKDEP(name)
49#endif 42#endif
50 43
51struct lglock { 44struct lglock {
@@ -57,11 +50,15 @@ struct lglock {
57}; 50};
58 51
59#define DEFINE_LGLOCK(name) \ 52#define DEFINE_LGLOCK(name) \
60 DEFINE_LGLOCK_LOCKDEP(name); \ 53 static DEFINE_PER_CPU(arch_spinlock_t, name ## _lock) \
61 DEFINE_PER_CPU(arch_spinlock_t, name ## _lock) \
62 = __ARCH_SPIN_LOCK_UNLOCKED; \ 54 = __ARCH_SPIN_LOCK_UNLOCKED; \
63 struct lglock name = { .lock = &name ## _lock } 55 struct lglock name = { .lock = &name ## _lock }
64 56
57#define DEFINE_STATIC_LGLOCK(name) \
58 static DEFINE_PER_CPU(arch_spinlock_t, name ## _lock) \
59 = __ARCH_SPIN_LOCK_UNLOCKED; \
60 static struct lglock name = { .lock = &name ## _lock }
61
65void lg_lock_init(struct lglock *lg, char *name); 62void lg_lock_init(struct lglock *lg, char *name);
66void lg_local_lock(struct lglock *lg); 63void lg_local_lock(struct lglock *lg);
67void lg_local_unlock(struct lglock *lg); 64void lg_local_unlock(struct lglock *lg);
diff --git a/include/linux/security.h b/include/linux/security.h
index 5b50c4e1a7c2..05e88bdcf7d9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1411,8 +1411,8 @@ struct security_operations {
1411 int (*sb_kern_mount) (struct super_block *sb, int flags, void *data); 1411 int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
1412 int (*sb_show_options) (struct seq_file *m, struct super_block *sb); 1412 int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
1413 int (*sb_statfs) (struct dentry *dentry); 1413 int (*sb_statfs) (struct dentry *dentry);
1414 int (*sb_mount) (char *dev_name, struct path *path, 1414 int (*sb_mount) (const char *dev_name, struct path *path,
1415 char *type, unsigned long flags, void *data); 1415 const char *type, unsigned long flags, void *data);
1416 int (*sb_umount) (struct vfsmount *mnt, int flags); 1416 int (*sb_umount) (struct vfsmount *mnt, int flags);
1417 int (*sb_pivotroot) (struct path *old_path, 1417 int (*sb_pivotroot) (struct path *old_path,
1418 struct path *new_path); 1418 struct path *new_path);
@@ -1694,8 +1694,8 @@ int security_sb_remount(struct super_block *sb, void *data);
1694int security_sb_kern_mount(struct super_block *sb, int flags, void *data); 1694int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
1695int security_sb_show_options(struct seq_file *m, struct super_block *sb); 1695int security_sb_show_options(struct seq_file *m, struct super_block *sb);
1696int security_sb_statfs(struct dentry *dentry); 1696int security_sb_statfs(struct dentry *dentry);
1697int security_sb_mount(char *dev_name, struct path *path, 1697int security_sb_mount(const char *dev_name, struct path *path,
1698 char *type, unsigned long flags, void *data); 1698 const char *type, unsigned long flags, void *data);
1699int security_sb_umount(struct vfsmount *mnt, int flags); 1699int security_sb_umount(struct vfsmount *mnt, int flags);
1700int security_sb_pivotroot(struct path *old_path, struct path *new_path); 1700int security_sb_pivotroot(struct path *old_path, struct path *new_path);
1701int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); 1701int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
@@ -1964,8 +1964,8 @@ static inline int security_sb_statfs(struct dentry *dentry)
1964 return 0; 1964 return 0;
1965} 1965}
1966 1966
1967static inline int security_sb_mount(char *dev_name, struct path *path, 1967static inline int security_sb_mount(const char *dev_name, struct path *path,
1968 char *type, unsigned long flags, 1968 const char *type, unsigned long flags,
1969 void *data) 1969 void *data)
1970{ 1970{
1971 return 0; 1971 return 0;
diff --git a/kernel/audit.c b/kernel/audit.c
index 4d0ceede3319..40414e9143db 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1440,6 +1440,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
1440 1440
1441 ab = audit_log_start(current->audit_context, GFP_KERNEL, 1441 ab = audit_log_start(current->audit_context, GFP_KERNEL,
1442 AUDIT_ANOM_LINK); 1442 AUDIT_ANOM_LINK);
1443 if (!ab)
1444 return;
1443 audit_log_format(ab, "op=%s action=denied", operation); 1445 audit_log_format(ab, "op=%s action=denied", operation);
1444 audit_log_format(ab, " pid=%d comm=", current->pid); 1446 audit_log_format(ab, " pid=%d comm=", current->pid);
1445 audit_log_untrustedstring(ab, current->comm); 1447 audit_log_untrustedstring(ab, current->comm);
diff --git a/mm/shmem.c b/mm/shmem.c
index cc12072f8787..67afba5117f2 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2220,12 +2220,14 @@ static struct dentry *shmem_fh_to_dentry(struct super_block *sb,
2220{ 2220{
2221 struct inode *inode; 2221 struct inode *inode;
2222 struct dentry *dentry = NULL; 2222 struct dentry *dentry = NULL;
2223 u64 inum = fid->raw[2]; 2223 u64 inum;
2224 inum = (inum << 32) | fid->raw[1];
2225 2224
2226 if (fh_len < 3) 2225 if (fh_len < 3)
2227 return NULL; 2226 return NULL;
2228 2227
2228 inum = fid->raw[2];
2229 inum = (inum << 32) | fid->raw[1];
2230
2229 inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]), 2231 inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]),
2230 shmem_match, fid->raw); 2232 shmem_match, fid->raw);
2231 if (inode) { 2233 if (inode) {
diff --git a/security/capability.c b/security/capability.c
index a40aac677c72..b14a30c234b8 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -74,8 +74,8 @@ static int cap_sb_statfs(struct dentry *dentry)
74 return 0; 74 return 0;
75} 75}
76 76
77static int cap_sb_mount(char *dev_name, struct path *path, char *type, 77static int cap_sb_mount(const char *dev_name, struct path *path,
78 unsigned long flags, void *data) 78 const char *type, unsigned long flags, void *data)
79{ 79{
80 return 0; 80 return 0;
81} 81}
diff --git a/security/security.c b/security/security.c
index 3724029d0f6d..8dcd4ae10a5f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -276,8 +276,8 @@ int security_sb_statfs(struct dentry *dentry)
276 return security_ops->sb_statfs(dentry); 276 return security_ops->sb_statfs(dentry);
277} 277}
278 278
279int security_sb_mount(char *dev_name, struct path *path, 279int security_sb_mount(const char *dev_name, struct path *path,
280 char *type, unsigned long flags, void *data) 280 const char *type, unsigned long flags, void *data)
281{ 281{
282 return security_ops->sb_mount(dev_name, path, type, flags, data); 282 return security_ops->sb_mount(dev_name, path, type, flags, data);
283} 283}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 651d8456611a..24ab4148547c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2452,9 +2452,9 @@ static int selinux_sb_statfs(struct dentry *dentry)
2452 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad); 2452 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2453} 2453}
2454 2454
2455static int selinux_mount(char *dev_name, 2455static int selinux_mount(const char *dev_name,
2456 struct path *path, 2456 struct path *path,
2457 char *type, 2457 const char *type,
2458 unsigned long flags, 2458 unsigned long flags,
2459 void *data) 2459 void *data)
2460{ 2460{
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2874c7316783..38be92ce901e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -408,8 +408,8 @@ static int smack_sb_statfs(struct dentry *dentry)
408 * Returns 0 if current can write the floor of the filesystem 408 * Returns 0 if current can write the floor of the filesystem
409 * being mounted on, an error code otherwise. 409 * being mounted on, an error code otherwise.
410 */ 410 */
411static int smack_sb_mount(char *dev_name, struct path *path, 411static int smack_sb_mount(const char *dev_name, struct path *path,
412 char *type, unsigned long flags, void *data) 412 const char *type, unsigned long flags, void *data)
413{ 413{
414 struct superblock_smack *sbp = path->dentry->d_sb->s_security; 414 struct superblock_smack *sbp = path->dentry->d_sb->s_security;
415 struct smk_audit_info ad; 415 struct smk_audit_info ad;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index af010b62d544..d4f166bc3508 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -970,7 +970,7 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r,
970 const u8 index); 970 const u8 index);
971int tomoyo_mkdev_perm(const u8 operation, struct path *path, 971int tomoyo_mkdev_perm(const u8 operation, struct path *path,
972 const unsigned int mode, unsigned int dev); 972 const unsigned int mode, unsigned int dev);
973int tomoyo_mount_permission(char *dev_name, struct path *path, 973int tomoyo_mount_permission(const char *dev_name, struct path *path,
974 const char *type, unsigned long flags, 974 const char *type, unsigned long flags,
975 void *data_page); 975 void *data_page);
976int tomoyo_open_control(const u8 type, struct file *file); 976int tomoyo_open_control(const u8 type, struct file *file);
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index fe00cdfd0267..390c646013cb 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -71,7 +71,8 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
71 * 71 *
72 * Caller holds tomoyo_read_lock(). 72 * Caller holds tomoyo_read_lock().
73 */ 73 */
74static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name, 74static int tomoyo_mount_acl(struct tomoyo_request_info *r,
75 const char *dev_name,
75 struct path *dir, const char *type, 76 struct path *dir, const char *type,
76 unsigned long flags) 77 unsigned long flags)
77{ 78{
@@ -183,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
183 * 184 *
184 * Returns 0 on success, negative value otherwise. 185 * Returns 0 on success, negative value otherwise.
185 */ 186 */
186int tomoyo_mount_permission(char *dev_name, struct path *path, 187int tomoyo_mount_permission(const char *dev_name, struct path *path,
187 const char *type, unsigned long flags, 188 const char *type, unsigned long flags,
188 void *data_page) 189 void *data_page)
189{ 190{
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index d88eb3a046ed..a2ee362546ab 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -408,8 +408,8 @@ static int tomoyo_path_chroot(struct path *path)
408 * 408 *
409 * Returns 0 on success, negative value otherwise. 409 * Returns 0 on success, negative value otherwise.
410 */ 410 */
411static int tomoyo_sb_mount(char *dev_name, struct path *path, 411static int tomoyo_sb_mount(const char *dev_name, struct path *path,
412 char *type, unsigned long flags, void *data) 412 const char *type, unsigned long flags, void *data)
413{ 413{
414 return tomoyo_mount_permission(dev_name, path, type, flags, data); 414 return tomoyo_mount_permission(dev_name, path, type, flags, data);
415} 415}
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-07 10:54:35 -0400